iOS Security Checklist for Every iPhone User | Lucideus Research

Most of us can agree that there’s nothing more amazing than owning an iOS device. Apple has always come up with the perfect amalgamation of design and features. Apple not only focuses on design and the user interface; it also has a lot to offer in terms of the security of the user’s data. Unfortunately, this is not a concern for many lay users, and moreover the security features are scattered across multiple settings screens, which makes them hard for a user to find. So today we will discuss some security features of an iOS device that can help a common user harden their device, have more control over what kind of information they share, review the kinds of services and permissions that an application has access to, and follow some general best practices to keep their information safe, even in case of theft.

Here is part one of the security features in detail:

Notifications: Notifications are the most important aspect of any mobile device. Generally, notifications from applications contain promotional offers and advertisements. But notifications that contain sensitive information, like messages, chats or an OTP for a bank transaction, should not be disclosed unless the user is authorised. Exposed notifications can sometimes become a precursor to social engineering attacks and unintentional information disclosure. By default, all notifications are visible by swiping up on the lock screen, which does not require any kind of authorisation.

This default behaviour can be changed with just a simple configuration change in Settings.

1) Open up Settings.

2) Go to Notifications.

3) Tap on Show Previews.

4) By default, it is set to Always. Change this to When Unlocked to show the notification content only on successful authorisation.

One real scenario where this comes in handy is when you hand over your phone to a friend or a stranger to make a call: you can always lock the screen, or set the screen timeout to a minimum of 30 seconds, so that nobody can see your notifications without your permission.

Touch ID & Passcode: With the advent of Touch ID, the authorisation process on iOS devices has become more secure, faster and more reliable for a common user. However, with a little more control over where and when Touch ID is used, one can ensure pretty tight security on their device. The following setup for Touch ID will be suitable for most users:

1) Open up Settings and go to Touch ID and Passcode.

2) Enter your passcode, if set.

3) Turn on Touch ID for iTunes and App Store. This ensures that whenever you make a purchase on the App Store, your device will ask for Touch ID to continue with the purchase or installation.

4) Scroll down to the very end and enable Erase Data. This option should be used cautiously, since it will wipe out the data after 10 failed passcode attempts. If your iOS device ever gets stolen, rest assured your data will be safe: it will be completely wiped out if an attacker tries to brute force the passcode.

5) You can have much greater control over what content can be accessed when the device is locked. As you can see, there are a bunch of options to customise. I leave it up to you to decide what goes best with your daily needs.

Payment & Shipping: When you purchase something from the App Store that involves a monetary transaction, your card is automatically stored on your iOS device. Being a bit of a control freak, I don’t want my card details ever to be stored on my phone. Removing them is particularly handy for parents whose kids use their iOS device and who don’t want them to blow money on the App Store.

Here’s how you can remove your saved cards from your device:

1) Go to Settings and click on your Profile.

2) Click on Payment & Shipping.

3) Click on the Payment Method and set it to None.

Find My iPhone: As the name suggests, if your device ever gets stolen, or you accidentally left it somewhere and cannot remember where, this feature can help you a lot. This is a must-have on this checklist. A few taps here and there and we are done.

1) Go to Settings and click on your Profile.

2) Scroll down and click on your iPhone profile.

3) Turn on Find My iPhone & Send Last Location.

But wait, there is a twist. If you have never used Find My iPhone before and your device gets stolen, it will probably be of no use, since signing in asks for a confirmation on the device itself with a 6-digit number. A sign-in request appears on your iPhone whenever you log in from a new machine or browser.

This is the 6 digit confirmation code for the sign in from the new machine or device.

So, I recommend that every user log in to iCloud and go through the process once. It will ask whether to trust the browser; click on “Trust”, and then always use that already-trusted browser for Find My iPhone.

When logged in to iCloud.com, go to Find My iPhone. It has 3 features:

Play Sound: This is helpful when your device is in the vicinity. You’ll be able to ring your device remotely.

This is the alert generated on the iPhone when you play the sound.

Lost Device: This is helpful when your device gets lost and is found by someone else. It will post a message on your iPhone asking the finder to call a number that you type in using iCloud.

In lost mode, enter your phone number where you can be reached with a custom message attached to it.

The custom message along with the contact number will be shown on the device screen.

Erase Data: This one should be used as a last resort, when you have tried the first two options and you are sure that your device cannot be recovered. It will remotely erase all your data from the device so that your confidential information does not get into someone else’s hands.

It is recommended to always keep your location services ON so that the device is reported more accurately on the map.

Setting Up Restrictions: To allow customised access to services like Camera, Microphone, Location, etc. for the installed applications, we need to set up restrictions.

1) Go to Settings.

2) Click on General and choose Restrictions.

3) Enter your Restrictions passcode, if set.

There are multiple sections in here; let’s take them one by one.

Allow: Under this, you will find services provided by your iOS device. As you can already see, it includes Safari, Camera, Siri & Dictation, etc. You can toggle their corresponding switches to allow or deny global access throughout your device, across your applications. One of my favourites is Installing Apps. If you turn it off, no new applications can be installed on your device. This is particularly useful when handing your phone to someone else, without the fear of something malicious getting installed on your iOS device. The opposite goes for Deleting Apps.

Allowed Content: This controls what kind of content gets onto your iOS device. Put simply, this is the content filter that any parent would be looking for for their children. You can go through various subsections like Websites, Apps, Music or TV programmes, and choose whether to allow explicit content or to limit access to some websites.

Privacy & Allow Changes: This control lets you lock a particular set of settings for a variety of services. Once locked, no application can change the service settings, like turning location on if it’s off or vice versa. The same can be done for a variety of services like Photos, Microphone, etc.

In this particular subsection, I have chosen Microphone to demonstrate an example.

If I change the restrictions to Don’t Allow Changes, it will lock the current settings in as custom preferences for Microphone. In layman’s terms, no new application will have access to Microphone other than those which are currently marked green in the restrictions.

Lucideus is an Enterprise Cyber Security platforms company incubated from IIT Bombay and backed by Cisco's former Chairman and CEO John Chambers. It protects multiple Fortune 500 companies and governments around the world. The name Lucideus is derived from Lucifer (Satan) and Deus (God) as they are in the business of hacking for good.